This white paper describes the implementation of the TCP/IP protocol stack in the Microsoft® Windows Server™ 2003 family and is a supplement to the Windows Server 2003 Help and Support Center and Technical Reference documentation. This white paper contains an overview of TCP/IP in Windows Server 2003 features and capabilities, a discussion of protocol architecture, and detailed discussions of the core components, network application interfaces, and critical client components and services. The intended audience for this paper is network engineers and support professionals who are already familiar with TCP/IP. Except where noted, the TCP/IP implementation for Windows® XP is the same as that for Windows Server 2003.
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.
This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
Active Directory, Microsoft, Windows, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Capabilities and Functionality 2
Architectural Model 11
The NDIS Interface and Below 14
Core Protocol Stack Components and the TDI Interface 18
Network Application Interfaces 47
Critical Client Services and Stack Components 55
Appendix A: TCP/IP Configuration Parameters 58
NetBIOS over TCP/IP Configuration Parameters 85
Windows Sockets and DNS Registry Parameters 96
Appendix D: Tuning TCP/IP Response to Attack 106
Appendix E: Format of the Daytime Service Response String 109
Microsoft has adopted TCP/IP as the strategic enterprise network transport for its platforms. In the early 1990s, Microsoft started an ambitious project to create a TCP/IP stack and services that would greatly improve the scalability of Microsoft networking. With the release of the Microsoft® Windows NT® 3.5 operating system, Microsoft introduced a completely rewritten TCP/IP stack. This new stack was designed to incorporate many of the advances in performance and ease of administration that were developed over the past decade. The stack was a high-performance implementation of the industry-standard TCP/IP protocol. It has evolved with each version of Windows based on the Windows NT code base to include new features and services that enhance performance, security, and reliability.
The goals in designing the TCP/IP stack were to make it:
Standards-compliant and interoperable
Scalable and fast
Self-tuning and easy to administer
In this paper, the Windows Server 2003 TCP/IP protocol suite is examined from the bottom up. Throughout the paper, network traces are used to illustrate key concepts. These traces were gathered and formatted using Microsoft Network Monitor 2.0, a software-based protocol tracing and analysis tool included in the Microsoft Systems Management Server product. Windows 2000 Server and Windows Server 2003 include a limited functionality version of Network Monitor. The primary difference between this version and the Systems Management Server version is that the limited version can only capture frames that would normally be seen by the computer that it is installed on, rather than all frames that pass over the network (which requires the network interface card to be in promiscuous mode). It also does not support connecting to remote Network Monitor Agents.
Capabilities and Functionality
Windows Server 2003 TCP/IP was designed to make it easy to integrate Microsoft systems into large-scale corporate, government, and public networks, and to provide the ability to operate over those networks in a secure manner. The Windows Server 2003 TCP/IP protocol is installed by default and, unlike previous versions of Windows, cannot be uninstalled. However, you can reset the TCP/IP configuration to a default state with the netsh interface ip reset command.